On Cloud (Computing) Nine: Cloud Computing Contracts

Cloud computing is becoming the primary platform for web applications and the online distribution of increasingly complex and sensitive data. For many companies, cloud computing contracts inadequately address privacy and security risks. It is imperative that if your business is entering into a contract with a cloud computing vendor, the contract clearly sets out liability clauses and mitigates unique risks that arise from this form of technology.
IT contracts for cloud services differ substantially from traditional contracting models. From a technical perspective, IT infrastructure capacity is highly elastic. Elasticity means cloud server capacity can be dynamically reconfigured to adjust to a variable load depending on how many users are accessing data. Accordingly, there is an elimination of an up-front commitment by clients as they often pay only for what they use, compared to traditional IT hosting. These characteristics highlight not only the illusion of infinite resources but also how the location of data processing is not always known, predetermined or agreed to contractually.
Dude, Where’s My Data?
The physical location of data, coupled with its virtual state in the cloud, raises several issues regarding the validity of cross-border contracts and data security. Unlike traditional IT contracts whereby the law governing the Service Level Agreement and the choice of court in dispute resolution is clear, cloud computing raises new challenges. Given the potential movement of data across multiple jurisdictions, and the consequential inconsistency of confidentiality protection in differing jurisdictions, a client may find that their data may not be entitled to the same protection as contractually obliged. It is imperative that each cloud computing contract is drafted specifically for the vendor and the client. Vendors should offer comprehensive and unambiguous jurisdiction clauses, including a list of the regulations and statutes that govern the site where data is stored and how compliance is executed.
As the processing of data in the cloud can take place across different servers in different countries, or in a shared-tenancy cloud-computing environment, privacy concerns are paramount. The Privacy Act 1988 (Cth), USA PATRIOT Act and European Union Data Privacy Directive all vary in coverage and effect of data protection and privacy. For Australian cloud computing vendors, consideration of the Australian Privacy Principles (APPs) is also a requirement.
What Should I Look For In A Cloud Computing Contract?
If you are a client using cloud computing technology, you can minimise the risk of security breaches by conducting your due diligence procedures such as knowing where your data is stored, and ensuring protocols are implemented to monitor continuously vendors and how data is handled.
Most shrink-wrap and click-wrap agreements only allow clients to view the terms and conditions of the contract after purchase. As these contracts may involve limited liability clauses or vendor subcontracting agreements, clients are not often given an opportunity to negotiate their terms and to scrutinise the terms of their licenses closely. If you are considering entering a cloud computing contract, you should use your power to negotiate how your software is installed to comply with your requirements, and how data is stored and processed.
Key Takeaways
The innovation of cloud computing presents unique complexities and legal implications. Cloud computing clients should carefully scrutinise their contract before signing to ensure they understand the location and method of data storage. Our IT lawyers can assist with drafting or reviewing cloud computing contracts.
Questions? Get in touch on 1300 544 755.
Redundancies and Restructuring: Understanding Your Employer Obligations
Thursday 7 July | 11:00 - 11:45am
Online
How to Sponsor Foreign Workers For Your Tech Business
Wednesday 13 July | 11:00 - 11:45am
Online
Advertising 101: Social Media, Influencers and the Law
Thursday 21 July | 11:00 - 11:45am
Online
Structuring for Certainty in Uncertain Times
Tuesday 26 July | 12:00 - 12:45pm
Online
Playing for the Prize: How to Run Trade Promotions
Thursday 28 July | 11:00 - 11:45am
Online
Web3 Essentials: Understanding SAFT Agreements
Tuesday 2 August | 11:00 - 11:45am
Online
Understanding Your Annual Franchise Update Obligations
Wednesday 3 August | 11:00 - 11:45am
Online
Legal Essentials for Product Manufacturers
Thursday 11 August | 11:00 - 11:45am
Online
Was this article helpful?
We appreciate your feedback – your submission has been successfully received.
About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.
By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.
If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.